Univention Bugzilla – Bug 57054
PostgreSQL 11 - open CVE-2024-0985
Last modified: 2024-02-13 10:23:25 CET
The UCS 5.0 Release series contains the postgresql package which is affected by - https://security-tracker.debian.org/tracker/CVE-2024-0985

As postgresql is EOL and the last official update came in November, it's possibly necessary to mitigate the issue when patches are available for version 13.

The issue should not be critical in normal UCS environments, as:

"The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view."

"The victim is a superuser or member of one of the attacker's roles."
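
To check how far the two quoted preconditions apply to a given installation, the following audit query lists materialized views owned by non-superuser roles, together with the roles that are direct members of each owner. It is an added example, not part of the bug report or of UCS; it uses only standard PostgreSQL system catalogs and assumes it is run by a superuser in each database of the cluster.

```sql
-- Added audit example (not from the bug report).
-- Run in every database of the cluster; catalogs are per-database.

-- Server version in use, for comparison with the fixed versions
-- listed in the linked security tracker entry.
SELECT current_setting('server_version') AS server_version;

-- Materialized views whose owner is NOT a superuser.
-- A superuser, or a member of the owning role, who refreshes one of
-- these views with CONCURRENTLY matches the preconditions quoted above.
SELECT n.nspname AS schema_name,
       c.relname AS matview_name,
       o.rolname AS owner_role,
       -- REFRESH ... CONCURRENTLY needs a unique index on the view.
       -- Approximation: partial or expression indexes do not qualify,
       -- but are still counted here.
       EXISTS (SELECT 1
                 FROM pg_index i
                WHERE i.indrelid = c.oid
                  AND i.indisunique) AS has_unique_index,
       -- Roles that are direct members of the owning role.
       ARRAY(SELECT m.rolname
               FROM pg_auth_members am
               JOIN pg_roles m ON m.oid = am.member
              WHERE am.roleid = o.oid
              ORDER BY m.rolname) AS direct_members
  FROM pg_class c
  JOIN pg_namespace n ON n.oid = c.relnamespace
  JOIN pg_roles o     ON o.oid = c.relowner
 WHERE c.relkind = 'm'          -- 'm' = materialized view
   AND NOT o.rolsuper
 ORDER BY schema_name, matview_name;
```

An empty result from the second query in every database means no materialized view is owned by an unprivileged role, which supports the assessment that the issue is not critical on that system.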